How Malware Networks work and how to defend against them

In 2011, cybercriminals stepped up their game with the creation of malware networks (malnets): distributed network infrastructures that exploit popular places on the Internet, such as search engines and social networking sites, to repeatedly launch a variety of malware attacks.

Security firm Blue Coat Systems began tracking malnets this past year. In its 2012 security report, Blue Coat noted that malnet infrastructures give cybercriminals the capability to launch dynamic attacks that traditional anti-virus solutions typically don’t detect for days or even months. It pointed to one malware payload that in February 2011 changed its location more than 1,500 times in a single day.

“We track in the order of 500 of these,” Sasi Murthy, senior director of product marketing at Blue Coat, told CIO.com. “Some are very small and some are global. Vast parts of these networks may be silent for months. It’s a very effective way to evade law enforcement.”

The largest malnet identified by Blue Coat is Shnakule, which averages 1,269 hosts. It is distributed across North America, South America, Europe and Asia, and its malicious activity deals in drive-by downloads, fake AV, fake codec, Flash and Firefox updates, botnet command-and-control (CnC), pornography, gambling and work-at-home scams. Blue Coat said that in July it expanded its traditional activities to include malvertising.

How malnets operate

Malnets are a collection of several thousand unique domains, servers and Web sites designed to work together to funnel victims to a malware payload, often using trusted sites as the starting point. Using this infrastructure and trending news- or celebrity-related lures, Blue Coat said cybercriminals can rapidly launch new attacks that attract many potential victims before security technologies can identify and block them.

“A lot of legitimate sites are actually infected,” Murthy said. “In some cases, you’ve got legitimate Web sites with up to 74 per cent malicious content.”

Perhaps the most popular way to lure unsuspecting users is search engine poisoning (SEP), which uses search engine optimization (SEO) techniques to seed malware sites high in common search results.

“About 1 in 142 searches or so led to a malicious URL in 2011,” Murthy said. “When you look at how important search requests are to all of us, that’s pretty scary.”

Blue Coat said each attack uses different trusted sites and bait to lure users. Some of the attacks don’t even use relay servers. Once the users take the bait they are taken directly to exploit servers that identify the user’s system or application vulnerabilities and use that information to serve a malware payload.

“In some cases, as with iFrame injections, users will travel the malnet path unknowingly,” Blue Coat said. “The relay and exploit server action takes place in the background and secretly installs malware. In other cases, downloading malware requires the user to click on a link.”
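The hidden-iFrame injection described above is something a site owner or a proxy can check for. As an added example (not code from the article or from Blue Coat), the following Python script parses a page and flags iframes that are both hidden (zero-size or off-screen styling) and pointed at a domain other than the page's own; the sample HTML, the hostnames and the relay URL are constructed for illustration.

```python
# Added defensive example (not from the article or Blue Coat): flag <iframe>
# tags that are hidden or off-screen AND point to a domain other than the page's,
# the pattern an injected redirect to a relay server typically takes.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a legitimate page with one injected, invisible iframe.
SAMPLE_HTML = """<html><body><h1>Local News</h1>
<iframe src="https://video.example.com/embed/123" width="640" height="360"></iframe>
<iframe src="http://relay.invalid/in.php" width="0" height="0"
        style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>"""

# Inline styles that make a frame invisible or push it off-screen.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px")

def _is_tiny(value):
    """True for a width/height of 0 or 1 px, typical of injected frames."""
    try:
        return int(str(value).rstrip("px")) <= 1
    except ValueError:
        return False

class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))

def suspicious_iframes(html, page_host):
    """Return [(src, reasons)] for iframes that are hidden and cross-domain."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for f in parser.iframes:
        src = f.get("src") or ""
        host = urlparse(src).hostname or page_host  # relative src = same host
        reasons = []
        if _is_tiny(f.get("width")) or _is_tiny(f.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(f.get("style") or ""):
            reasons.append("hidden-style")
        if reasons and host != page_host:
            findings.append((src, reasons))
    return findings
```

Running `suspicious_iframes(SAMPLE_HTML, "news.example.org")` reports only the zero-size, hidden frame pointing at relay.invalid; the visible video embed and any same-host frame are left alone.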


Article source: http://www.itbusiness.ca/it/client/en/home/News.asp?id=66124